Everything You Need To Know About The GDPR

GDPR: All your basic questions answered

The General Data Protection Regulation is coming into effect in the European Union from May 25, 2018.

This new regulation will change the way personal data is collected, stored and used, and affects businesses serving the EU as well as those holding data about any EU citizen.

We have covered the basics here to get you started and to help you decide whether you need to find out more to stay compliant.

What is GDPR?

The GDPR is a regulation that has been designed specifically to improve protections for people around the processing of their personal data.

Why is this new regulation important?

Previous guidelines around personal data protection have been patchy, because they only applied to specific countries and legal jurisdictions, so there were loopholes and discrepancies.

Also, previous directives were just that: directives. The GDPR is a regulation, which means it sets a minimum base level that businesses MUST comply with.

While businesses have been collecting personal information for 100 years, the widespread storage, use and sharing of personal data exploded with the rise of the internet. We have needed good laws in this area for some time now, but action hadn’t yet been taken.

Recently we have seen many businesses that have leaked personal data or been hacked, which has solidified the need for stronger regulation.

Who does this affect?

Although your business may not be based in the EU, or specifically conduct business there, the effects of the GDPR are wide-reaching.

Anyone who collects, stores, manages or uses the personal data of any EU citizen needs to comply with the new regulations.

This includes email addresses, so for many small and medium businesses, if you deal with customers online, this very well may apply to you.

Because of the nature of email addresses, it might affect you without you even knowing. For example, do you know geographically where all of your customers, including people just on your emailing list, are based? How do you know they aren’t EU citizens?

As an example, this will likely affect you if you use any of the following for your business:

Individual Rights

The new laws give greater personal rights to the customer.

These include the right to know what their data is being used for, to request a copy of it, to use it elsewhere, to request that it be rectified if something is incorrect, to restrict its use, and to request that it be deleted if consent is withdrawn.

Data Processing

The responsibilities of businesses that manage, process and store the data are laid out in the new laws. There must be documented contracts between these parties detailing how the data is going to be used.

Most businesses will need to appoint a data protection officer, who will be responsible for making sure that you comply with the GDPR. If you are a small business, this will most likely be you, so the buck stops with you.

There are also extra restrictions around transferring personal data between countries and organisations outside the EU.

What does your business need to do to comply?

If you think these changes might affect your business, there are a few simple things you can do to make sure that you comply.

You need informed consent to collect and use personal data from all existing clients (as well as new ones). You need to get in contact with all existing customers and get them to give you that consent.

For new customers, you will need to give them information about how you are using their personal data, and then get their consent to do so. A double opt-in, where your pop-up form asks them to repeat and confirm their email address before subscribing, is one of the easiest ways to do this.

Your opt-in form also has to explain what data you are collecting and what you are doing with it.

You will need to delete the details of any customer that doesn’t give you this consent, and make sure that you get rid of any old details or lists that you are no longer using.

You will need to have a system of exporting the data to any customer who requests it.

What if you don’t comply?

There are administrative fines and penalties if your business is found to be non-compliant with the new regulations. The specific fine will depend on factors like the nature of your breach, your intent and the size of your company, plus your prior history in this area. At the lower end it is €10 million, so making sure your business is compliant is likely to be the cheaper way to go.
